Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
picklescan - Remote Code Execution via Undetected profile.Profile.runctx
Vulnerability Description
picklescan before 0.0.29 fails to detect the profile.Profile.runctx function when analyzing pickle files, allowing attackers to embed undetected malicious code. Remote attackers can craft malicious pickle files using profile.Profile.runctx in the reduce method to achieve remote code execution when the pickle file is loaded.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
Vulnerability Type
可信数据的反序列化
Vulnerability Title
picklescan 反序列化漏洞
Vulnerability Description
picklescan picklescan是picklescan公司的一款Python反序列化漏洞扫描工具。 picklescan 0.0.29之前版本存在反序列化漏洞,该漏洞源于分析pickle文件时未正确检测profile.Profile.runctx函数,可能导致攻击者在加载pickle文件时利用reduce方法中的profile.Profile.runctx特制恶意pickle文件实现远程代码执行。
CVSS Information
N/A
Vulnerability Type
N/A